Re: RFC: Memory protection in modules (stability)

Fabio Olive Leite (leitinho@akira.ucpel.tche.br)
Wed, 2 Apr 1997 03:44:04 -0300 (EST)


Hi there!

> If we were only dealing with iX86 and were never gonna grow out of it,
> this might not be a bad idea. BUT, as far as I know, only iX86 provides
> those extra protection levels in the middle. On other processors (i.e.,
> Sparc, Alpha) it's either ring 0 (full access, kernel side) or ring 1
> (full restriction, user side). I see where you're coming from though. One
> other problem (this actually may not be a problem - kernel gurus, please
> correct me if I'm wrong, but), the modules are kernel level code, so
> they'd hafta run ring 0 to get full access to devices, etc., as needed.
> I don't think that'll cut it. (Please, though, TELL ME if I am wrong.)

Sorry, I didn't know the implications of these ideas. I've never really
understood what a ring is anyway :). If we would have to switch all the way
to the last ring, it would be better to develop code as user processes
and bring them into the kernel when they're stable, as the cost and
inconsistencies generated by that are immense.

> From my familiarity with microkernel OSes, the microkernel starts, and the
> real OS itself starts on top of that, which would make Linux not qualify
> as a microkernel - it is called by LILO or from a 'cat'ed image, and it's
> the only kernel - it does all its own scheduling, resource handling, etc.
> Case in point, the Mac PPC port of Linux running atop OSF's Mach
> microkernel.

I'm not _stating_ Linux is micro-kernel, I'm just looking at the minimal
kernel and module loading stuff and saying it looks like a micro-kernel
approach, which is good. Boot a minimal kernel, load the rest of the OS
after that.

> Well, really... are you gonna run potentially dangerous, untested alpha
> code like that on a production-level box when it's doing mission-critical
> stuff? Generally, that's what non-critical development boxes are for.
> (Yes, I know some people run alpha level code on production boxes - OK,
> lots. But, it's not always a great idea.)

That was precisely the seed of these thoughts. Being able to protect the
rest of the kernel from a buggy module. Even when things are not Alpha or
Beta, random bugs appear from time to time just to say Hi! :).

I'm starting to think this is unfeasible. Anyway, keep on discussing, as
this would be very very good for Linux. :)

[]
Fabio
( Fabio Olive Leite leitinho@akira.ucpel.tche.br )
( Computer Science Student http://akira.ucpel.tche.br/~leitinho/ )
( )
( Learn the hell outta everything. Mix it all up. Exercise madness. )